Your message dated Fri, 05 Dec 2025 16:03:12 +0000
with message-id <[email protected]>
and subject line Bug#1120343: fixed in containerd 1.6.20~ds1-1+deb12u2
has caused the Debian Bug report #1120343,
regarding containerd: CVE-2025-64329
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120343: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: containerd
Version: 1.7.24~ds1-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for containerd.
CVE-2025-64329[0]:
| containerd is an open-source container runtime. Versions 1.7.28 and
| below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and
| 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach
| implementation where a user can exhaust memory on the host due to
| goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7,
| 2.1.5 and 2.2.0. To work around this vulnerability, users can set up
| an admission controller to control accesses to pods/attach
| resources.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-64329
    https://www.cve.org/CVERecord?id=CVE-2025-64329
[1] https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
[2] https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
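The workaround named in the CVE text above (an admission controller in front of pods/attach), sketched as a Kubernetes ValidatingAdmissionPolicy for hosts that cannot take the fixed package yet. This is an added example, not part of the bug report or the containerd advisory; it assumes Kubernetes 1.30 or later (admissionregistration.k8s.io/v1), and the policy names and the group pod-attach-allowed are hypothetical.

```yaml
# Added example: restrict who may open attach sessions to pods.
# Names and the group "pod-attach-allowed" are hypothetical; adapt to your cluster.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: restrict-pod-attach
spec:
  # Reject the request if the policy itself cannot be evaluated.
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      # Attach requests reach admission as CONNECT on the pods/attach subresource.
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CONNECT"]
        resources: ["pods/attach"]
  validations:
    # Allow only callers whose authenticated identity carries the named group.
    - expression: "'pod-attach-allowed' in request.userInfo.groups"
      message: "pods/attach is limited to members of pod-attach-allowed"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: restrict-pod-attach-binding
spec:
  policyName: restrict-pod-attach
  # Deny blocks the request; Audit records the violation in the API audit log.
  validationActions: [Deny, Audit]
```

The policy limits who can reach the CRI Attach path; it does not repair the goroutine leak, so the package update remains the fix.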
--- Begin Message ---
Source: containerd
Source-Version: 1.6.20~ds1-1+deb12u2
Done: Reinhard Tartler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
containerd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[email protected]> (supplier of updated containerd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 16 Nov 2025 16:57:18 -0500
Source: containerd
Architecture: source
Version: 1.6.20~ds1-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Reinhard Tartler <[email protected]>
Closes: 1120343
Changes:
 containerd (1.6.20~ds1-1+deb12u2) bookworm-security; urgency=medium
 .
   * Fix overly broad directory permissions, Fixes: CVE-2024-25621
   * Fix bug in the CRI Attach implementation, Fixes: CVE-2025-64329
     Closes: #1120343
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---